* Dick Hardt:
> DNSEC provides a tighter binding of the public key to the domain name
> then the current CA infrastructure that has been shown to issue certs
> for domains to entities other then those controlling the domain.
You can't really compare a non-deployed protocol to a broken process.
The result is meaningless. When deployed, the protocol might end up
with broken processes, too.